Security

Freight data handled with enterprise-grade security

CargoFide is built on a security-first architecture. Every record is isolated by tenant, every action is audited, and no client can ever see another client's cargo data. That isolation is enforced by row-level security policies inside the database itself, not by application configuration.

Data Security

Encryption at rest and in transit

All freight data and trade documents are encrypted at rest and in transit, on cloud infrastructure run by independently audited providers.

Encryption at rest

All data stored in our AWS-hosted PostgreSQL database is encrypted at rest using AES-256. Storage buckets (uploaded documents, generated PDFs) are encrypted separately at the object level.

TLS in transit

All communication between the browser, our global edge network, and the AWS backend uses TLS 1.2 or higher; no endpoint accepts plaintext HTTP. Certificate pinning is enforced on API routes.

Cloud infrastructure

CargoFide runs on AWS (ap-south-1 / Mumbai region for India-local latency) behind a global edge network. The underlying providers hold SOC 2 Type II certifications and publish independent audit reports.

Secret management

Service-role keys, API secrets, and signing keys are stored as encrypted environment variables and are never committed to the codebase. They are rotated on a 90-day cycle.

Document storage: Uploaded trade documents (invoices, bills of lading, certificates) are stored in encrypted AWS object storage and served only through signed URLs that expire after 60 minutes. No document is reachable by a public URL: every download goes through an authenticated API route that checks the caller's tenant before a signed URL is generated.

Audit Trail

Every action, immutably recorded

Every status change, document upload, approval, and administrative action is captured with the actor, timestamp, and before/after state, and the resulting log entries cannot be edited through the application.

Shipment lifecycle

  • Status transitions (booking → customs → delivered)
  • Carrier and routing updates
  • Admin and client notes

Document workflow

  • Upload events (who, when, from which role)
  • Review, approval, rejection, and expiry
  • Version history (every revision numbered)

Financial records

  • Quotation create/edit/approve/reject
  • Proforma invoice issue and client acceptance
  • Line-item additions and charge changes

Customs compliance use: Freight forwarders operating under the Indian Customs Act 1962 must maintain records of import/export declarations and supporting documents for a minimum of 5 years. CargoFide's audit trail satisfies this obligation digitally, with timestamped entries exportable on demand for customs audits.
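The append-only audit log described in this section, as an added example (PostgreSQL; not CargoFide's own schema): a trigger records actor, timestamp and before/after state for every change to a shipment, and the application role is granted no way to alter or remove entries. It assumes the API forwards the verified JWT claims to Postgres in a setting named request.jwt.claims; the role name app_rw and the claim names sub and role are assumptions made for this example.

```sql
-- Added example (not CargoFide's schema): an append-only audit log written
-- by a trigger, so the application role can never edit or delete entries.
-- Assumptions: the API forwards verified JWT claims to Postgres in the
-- setting request.jwt.claims; the role name app_rw and the claim names
-- sub / role are made up for this example.

CREATE ROLE app_rw NOLOGIN;    -- role the application connects as

CREATE TABLE shipments (
  id        bigserial PRIMARY KEY,
  client_id uuid NOT NULL,
  status    text NOT NULL DEFAULT 'booking'
);

CREATE TABLE audit_log (
  id          bigserial PRIMARY KEY,
  occurred_at timestamptz NOT NULL DEFAULT now(),
  actor       text NOT NULL,                       -- JWT sub, or the DB user if no JWT
  actor_role  text,                                -- JWT role claim (client / admin / ...)
  table_name  text NOT NULL,
  row_id      bigint NOT NULL,
  action      text NOT NULL CHECK (action IN ('INSERT', 'UPDATE', 'DELETE')),
  before      jsonb,                               -- NULL for INSERT
  after       jsonb                                -- NULL for DELETE
);

-- Runs with the definer's privileges, so app_rw needs no INSERT on
-- audit_log at all: the trigger is the only way entries get written.
CREATE FUNCTION audit_row() RETURNS trigger
LANGUAGE plpgsql SECURITY DEFINER SET search_path = pg_catalog, pg_temp AS $$
DECLARE
  claims jsonb := coalesce(nullif(current_setting('request.jwt.claims', true), ''), '{}')::jsonb;
BEGIN
  INSERT INTO public.audit_log (actor, actor_role, table_name, row_id, action, before, after)
  VALUES (
    coalesce(claims ->> 'sub', session_user::text),
    claims ->> 'role',
    TG_TABLE_NAME,
    CASE WHEN TG_OP = 'DELETE' THEN OLD.id ELSE NEW.id END,
    TG_OP,
    CASE WHEN TG_OP = 'INSERT' THEN NULL ELSE to_jsonb(OLD) END,   -- state before the change
    CASE WHEN TG_OP = 'DELETE' THEN NULL ELSE to_jsonb(NEW) END    -- state after the change
  );
  RETURN NULL;   -- return value is ignored for AFTER triggers
END
$$;

CREATE TRIGGER shipments_audit
  AFTER INSERT OR UPDATE OR DELETE ON shipments
  FOR EACH ROW EXECUTE FUNCTION audit_row();

-- Belt and braces: reject UPDATE/DELETE/TRUNCATE on the log for every role,
-- including the table owner, short of a superuser dropping the trigger.
CREATE FUNCTION audit_log_is_append_only() RETURNS trigger
LANGUAGE plpgsql AS $$
BEGIN
  RAISE EXCEPTION 'audit_log is append-only (% attempted)', TG_OP;
END
$$;
CREATE TRIGGER audit_log_append_only
  BEFORE UPDATE OR DELETE OR TRUNCATE ON audit_log
  FOR EACH STATEMENT EXECUTE FUNCTION audit_log_is_append_only();

-- Privileges: the application can change shipments and read the log, nothing more.
GRANT SELECT, INSERT, UPDATE, DELETE ON shipments TO app_rw;
GRANT USAGE ON SEQUENCE shipments_id_seq TO app_rw;
GRANT SELECT ON audit_log TO app_rw;

-- Demonstration (constructed data) as the application role, with the
-- claims an API route would have set for the authenticated user.
SET ROLE app_rw;
SELECT set_config('request.jwt.claims', '{"sub":"user-42","role":"client"}', false);
INSERT INTO shipments (client_id) VALUES ('a0000000-0000-4000-8000-00000000000a');
UPDATE shipments SET status = 'customs' WHERE id = 1;
-- List each recorded change with the status before and after it.
SELECT actor, action, before ->> 'status' AS was, after ->> 'status' AS now
  FROM audit_log ORDER BY id;
-- Rejected: app_rw holds no DELETE privilege on audit_log, and a role that
-- did would still be stopped by the append-only trigger.
DELETE FROM audit_log;
RESET ROLE;
```

The two properties worth checking in a real deployment are the ones the demonstration exercises: an entry exists for each change and names the JWT subject rather than the shared database user, and the application role cannot modify or remove entries even though it can freely modify the audited table.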

Row-Level Security

Tenant isolation enforced by the database — not application config.

Even if an application bug bypassed every other access control, the database itself would still refuse to return another client's records, because the tenant filter is a row-level security policy attached to the table rather than a setting in application code.

How it works

  1. Every request carries a signed JWT identifying the authenticated user.
  2. A SECURITY DEFINER function resolves client_id from the verified JWT claims, never from the request payload.
  3. Every read and write on client-scoped tables is filtered by that client_id through row-level security policies, which the query planner applies to every statement.
  4. Because the privileged service role is not restricted by these policies, it is used only in server-side API routes and only behind an additional application-layer forwarder guard.

Client isolation guarantee

Client A can never query, view, download, or modify Client B's shipments, documents, or quotations, regardless of how the request is constructed. For every query that runs under the caller's own JWT, the database enforces this without relying on application code; the one path that does not go through the policies is the service role, which is confined to server-side routes as described above.

Forwarder isolation

Admin users are bound to their forwarder_id. One forwarder's admin cannot access another forwarder's clients, shipments, or settings — even in a shared-platform deployment.

RLS policies are versioned in SQL migration files and tested with automated end-to-end specs on every deployment.
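The four steps above, the client and forwarder isolation guarantees, and the tenant check behind a document download, as one added example (PostgreSQL; not CargoFide's migration files). It assumes the API verifies the JWT signature and exposes the claims to Postgres in a setting named request.jwt.claims, which is one common way to do step 1; the role names authenticated, forwarder_admin and service_role, the claim names client_id and forwarder_id, and the tables are assumptions made for this example.

```sql
-- Added example (not CargoFide's migration files): a minimal PostgreSQL
-- schema implementing steps 1-4 and the forwarder binding. Assumptions:
-- the API verifies the JWT signature and exposes its claims to Postgres as
-- the setting request.jwt.claims; the claim names client_id / forwarder_id
-- and the role names below are made up for this example.

CREATE ROLE authenticated   NOLOGIN;             -- end users (clients)
CREATE ROLE forwarder_admin NOLOGIN;             -- a forwarder's admin users
CREATE ROLE service_role    NOLOGIN BYPASSRLS;   -- server-side only: RLS does NOT apply

CREATE TABLE shipments (
  id           bigserial PRIMARY KEY,
  forwarder_id uuid NOT NULL,
  client_id    uuid NOT NULL,
  status       text NOT NULL DEFAULT 'booking'
);

CREATE TABLE documents (
  id           bigserial PRIMARY KEY,
  shipment_id  bigint NOT NULL REFERENCES shipments(id),
  client_id    uuid NOT NULL,
  storage_key  text NOT NULL    -- object key the API signs a URL for, once this row is readable
);

-- Step 2: tenant identity comes from the verified JWT claims, never from the
-- request payload. SECURITY DEFINER plus a fixed search_path so callers cannot
-- shadow anything it uses. An absent claim yields NULL, and NULL never
-- matches in the policies below, so a request without a tenant sees nothing.
CREATE FUNCTION jwt_claim(name text) RETURNS uuid
LANGUAGE sql STABLE SECURITY DEFINER SET search_path = pg_catalog, pg_temp AS $$
  SELECT (nullif(current_setting('request.jwt.claims', true), '')::jsonb ->> name)::uuid
$$;

-- Step 3: RLS filters every read and write; FORCE makes it apply even to
-- the table owner. Only BYPASSRLS roles (the service role) are exempt.
ALTER TABLE shipments ENABLE ROW LEVEL SECURITY;
ALTER TABLE shipments FORCE  ROW LEVEL SECURITY;
ALTER TABLE documents ENABLE ROW LEVEL SECURITY;
ALTER TABLE documents FORCE  ROW LEVEL SECURITY;

CREATE POLICY client_isolation ON shipments FOR ALL TO authenticated
  USING      (client_id = jwt_claim('client_id'))
  WITH CHECK (client_id = jwt_claim('client_id'));
CREATE POLICY client_isolation ON documents FOR ALL TO authenticated
  USING      (client_id = jwt_claim('client_id'))
  WITH CHECK (client_id = jwt_claim('client_id'));

-- Forwarder isolation: admins are bound to forwarder_id the same way.
CREATE POLICY forwarder_isolation ON shipments FOR ALL TO forwarder_admin
  USING      (forwarder_id = jwt_claim('forwarder_id'))
  WITH CHECK (forwarder_id = jwt_claim('forwarder_id'));

GRANT SELECT, INSERT, UPDATE ON shipments, documents TO authenticated, forwarder_admin;
GRANT USAGE ON ALL SEQUENCES IN SCHEMA public TO authenticated, forwarder_admin;

-- Step 4 has no SQL of its own: service_role bypasses RLS, so every query a
-- server-side route runs with it must carry its own WHERE forwarder_id = $1 guard.

-- Demonstration (constructed data): Client A tries to reach Client B's rows.
INSERT INTO shipments (forwarder_id, client_id) VALUES
  ('0f000000-0000-4000-8000-000000000001', 'a0000000-0000-4000-8000-00000000000a'),
  ('0f000000-0000-4000-8000-000000000001', 'b0000000-0000-4000-8000-00000000000b');
INSERT INTO documents (shipment_id, client_id, storage_key) VALUES
  (2, 'b0000000-0000-4000-8000-00000000000b', 'tenant-b/bl-0001.pdf');

SET ROLE authenticated;   -- run as a member of the role, or as a superuser
SELECT set_config('request.jwt.claims',
  '{"sub":"user-a","client_id":"a0000000-0000-4000-8000-00000000000a"}', false);

-- Only rows with client_id = A come back, even when B's id is named explicitly.
SELECT id, client_id FROM shipments;
SELECT id FROM shipments WHERE client_id = 'b0000000-0000-4000-8000-00000000000b';
-- WITH CHECK rejects writes that would create or move a row into tenant B.
INSERT INTO shipments (forwarder_id, client_id)
  VALUES ('0f000000-0000-4000-8000-000000000001', 'b0000000-0000-4000-8000-00000000000b');
-- A document download route does this lookup under the caller's role: an
-- empty result means "not yours", and no signed URL is generated for it.
SELECT storage_key FROM documents WHERE id = 1;
RESET ROLE;
```

Two points from the block matter beyond the page's own description. First, the policies fail closed: a request with no tenant claim compares client_id against NULL and matches nothing, rather than falling back to "all rows". Second, FORCE ROW LEVEL SECURITY closes the table-owner loophole but not the BYPASSRLS one, which is exactly why step 4 needs its application-layer guard; the automated end-to-end specs mentioned above are the right place to assert that every service-role route carries it.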